02-13-2017, 05:06 PM   #1
ChronicUser
Opening a proxy via SSH behind NAT (router), with a middle man (Server) to broker the connection between clients and proxy providers.


PC2 (Linux) – Router – Server (Linux CentOS 7) – Router – PC1

In regard to the simple image above, this is what I would like to do.

1. Open up an SSH proxy on PC2 so that the PC1 can use it as a proxy

2. Since both PC1 and PC2 are behind NAT, they will need some sort of a middle man with a public IP. For that purpose I have a Server with a public IP in-between.

I can open up an SSH proxy on the server quite easily and use it with PC1 and PC2.

Question:
How can PC1 use PC2 as an SSH proxy?

If there is anything unclear, please feel free to ask; I will gladly provide you with additional information.

Thank you all for your time and effort.
 
02-14-2017, 01:04 PM   #2
Turbocapitalist
If the middle server has an SSH server running that is reachable from both PC1 and PC2, then:

The gist is that you would open a reverse tunnel from PC2 to the middle server, forwarding some port (maybe a high port) on the middle server to port 22 on PC2. Then connect from PC1 to PC2 using the middle server as a jump host (aka bastion). That helps if PC1 has the latest OpenSSH client on it and thus can use -J aka ProxyJump. Otherwise you'll have to use -W for stdio forwarding, which is more complex.

Once you can do that, make the connection from PC1 to PC2 (via the middle) using your proxy options, such as dynamic port forwarding with -D.
 
02-16-2017, 06:49 AM   #3
ChronicUser
Thank you very much. I have managed to succeed to an extent, but it seems that the configuration is faulty as far as I can see.
This is what I have done:

ME -> NAT -> SERVER -> NAT - SSH Proxy PC

ServerIP: 1.1.1.1
SSH configured to port 60002
Keybased authentication only
Quote:
SSH Proxy PC: ssh -N -R 1.1.1.1:10022:localhost:22 root@1.1.1.1 -p 60002

ME: ssh -N -D 10022 [User_On_SSH_Proxy_PC]@46.101.169.43 -p 10022


Then I configured Firefox SOCKS5 proxy settings to:

Quote:
localhost
10022


And it works in the sense that I can use the "SSH Proxy PC" as a proxy; I can connect via it to the net.
But there seems to be a problem with the headers.
It is adding an HTTP_VIA header and is revealing that I am behind a proxy and leaking information.

Do you know of any way I can rectify this problem with this configuration?

Your previous link was extremely helpful, and I have managed to connect, but the connection, as I have stated, does not seem to be properly configured.

Thank you for your time and effort.

Last edited by ChronicUser; 02-16-2017 at 06:50 AM.
 
02-16-2017, 07:31 AM   #4
Turbocapitalist
Which version of the SSH client are you running on the machine "ME" in your map? It makes a difference if it is OpenSSH older than OpenSSH version 7.3p because prior to that it will lack the ProxyJump option.

Quote:
Originally Posted by ChronicUser
ME -> NAT -> SERVER -> NAT - SSH Proxy PC
On "SSH Proxy PC" make a new account, and make another on SERVER. Please do not use remote access to root for this or anything else. There is no need. An unprivileged user will be safer and give you more options. Think of the principle of least privilege. Anyway ...

From "SSH Proxy PC" do something like this:

Code:
ssh -N -R 10022:localhost:22 proxyuser@1.1.1.1 -p 60002
When you know it works, you can add in a -f option too.

Then from "ME" do something like this:

Code:
ssh -D 10024 -o ProxyCommand="ssh -W %h:%p  -p 60002 proxyuser@1.1.1.1"  -p 10022 proxyuser@localhost
Then you should be able to use port 10024 on the localhost when on ME with Firefox as your proxy.

When it works you can make it a shortcut in ~/.ssh/config

Edit: condensed second part into one step

Last edited by Turbocapitalist; 02-16-2017 at 07:46 AM.
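
The `~/.ssh/config` shortcut suggested in the last post, written out as an added example (not part of any poster's reply): a shell script that prints the stanzas for both machines and picks `ProxyJump` or the `-W` ProxyCommand depending on whether the client is OpenSSH 7.3 or later. Addresses, ports and the user come from the thread; the aliases `tunnel-server` and `proxypc` and the `HostKeyAlias`, `ExitOnForwardFailure` and `ServerAliveInterval` settings are assumptions added here.

```shell
#!/bin/sh
# Added example, not from the thread. Values taken from the posts: SERVER
# 1.1.1.1 on port 60002, tunnel port 10022, SOCKS port 10024, user proxyuser.
# The aliases "tunnel-server" and "proxypc" are made up for this example.

# ssh_has_proxyjump "<output of ssh -V>": succeeds if client is OpenSSH >= 7.3
ssh_has_proxyjump() {
    ver=${1#*OpenSSH_}
    [ "$ver" != "$1" ] || return 1            # not an OpenSSH banner
    ver=${ver#"${ver%%[0-9]*}"}               # skip e.g. "for_Windows_"
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 3 ]; }
}

# Stanza for ~/.ssh/config on "SSH Proxy PC"; start it with: ssh -N tunnel-server
proxypc_stanza() {
    cat <<'EOF'
Host tunnel-server
    HostName 1.1.1.1
    Port 60002
    User proxyuser
    RemoteForward 10022 localhost:22
    ExitOnForwardFailure yes
    ServerAliveInterval 30
EOF
}

# Stanza for ~/.ssh/config on "ME"; start it with: ssh -N proxypc
me_stanza() {
    cat <<'EOF'
Host proxypc
    HostName localhost
    Port 10022
    User proxyuser
    HostKeyAlias proxypc
    DynamicForward 127.0.0.1:10024
    ExitOnForwardFailure yes
EOF
    if ssh_has_proxyjump "$1"; then
        echo '    ProxyJump proxyuser@1.1.1.1:60002'
    else
        echo '    ProxyCommand ssh -W %h:%p -p 60002 proxyuser@1.1.1.1'
    fi
}

me_stanza "$(ssh -V 2>&1)"
```

`RemoteForward 10022` with no bind address listens only on SERVER's loopback interface unless sshd there has `GatewayPorts` enabled, so the tunnel to the Proxy PC's sshd is not exposed on the public address. `HostKeyAlias` keeps the Proxy PC's host key from being recorded under `localhost` in `known_hosts` on ME.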